If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

block php page in public view. but still able to use by other page.

block php page in public view. but still able to use by other page.

hi, I'm working on a website that has ajax live search(search.php) on it, search.php calls in from another php page to search in database, it works just fine, the problem is search.php can be typed in url and display all data from database. I tried googling it, still don't have clear idea how to solve it. I've read that it can be done in .htaccess, also by changing permission... I just want to be enlightened how to properly fix the problem. thanks

If it's a question of only wanting it to be accessed via include()/require(), a few approaches:

- Move the included file outside of the web document root directory hierarchy.
- Give it a name with a distinct suffix that you then disallow via the web server (e.g. via the .htaccess file)
- Compare the script's file name against that of $_SERVER['SCRIPT_NAME'], and if the same exit (and maybe first send a 404 header)
- Set a constant in the main script that would do the including of the file in question, and if that constant is not defined, exit (and 404?)